Sat Apr 19 2025 15:26:04 PDT
  • Bug ID: 1469309, 1469914, 1450989, 1480092, 1480517, 1481093, 1478575, 1471953, 1473161, 1466991, 1468738, 1483120, 1467363, 1472925, 1466577, 1467889, 1480521, 1478849

18 bugs found.
| ID | Type | Summary | Product | Comp | Assignee | Status | Resolution | Updated |
|---|---|---|---|---|---|---|---|---|
| 1478575 | | AddressSanitizer: heap-use-after-free [@ Id] with READ of size 4 through [@ mozilla::camera::PCamerasChild::SendGetCaptureDevice] | Core | WebRTC: Audio/Video | apehrson | RESO | FIXE | 2020-02-28 |
| 1480092 | | WebRTC: Use-after-free in VP8 Block Decoding | Core | WebRTC: Audio/Video | dminor | RESO | FIXE | 2019-08-07 |
| 1478849 | | AddressSanitizer: heap-use-after-free [@ IPC::Channel::Unsound_IsClosed] with READ of size 8 | Core | IPC | jld | RESO | FIXE | 2024-05-30 |
| 1471953 | | AddressSanitizer: heap-use-after-free /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/RefPtr.h:296:27 in get | Core | Audio/Video: MediaSt | karlt | RESO | FIXE | 2021-09-13 |
| 1480521 | | js::Shape is not Compacting-GC-safe (32-bit builds) | Core | JavaScript: GC | tcampbell | RESO | FIXE | 2019-08-07 |
| 1473161 | | Missing bounds checks in nsContentUtils::DataTransferItemToImage | Core | DOM: Core & HTML | annygakhokidze | RESO | FIXE | 2019-08-07 |
| 1472925 | | Potential UaF of MSG from CompleteAudioContextOperations | Core | Audio/Video: MediaSt | karlt | RESO | FIXE | 2019-08-07 |
| 1466577 | | Crash in arena_dalloc \| Allocator<T>::free \| MOZ_Z_inflateEnd | Core | Networking: WebSocke | michal.novotny | RESO | FIXE | 2019-08-07 |
| 1467363 | | Intermittent GECKO(5160) \| SUMMARY: AddressSanitizer: heap-use-after-free z:\build\build\src\gfx\cairo\cairo\src\cairo-gstate.c:218 in _cairo_gstate_fini | Core | Graphics | bas | RESO | FIXE | 2020-02-28 |
| 1450989 | | Form submission can happen sync while !IsSafeToRunScript() and trigger chrome script | Core | DOM: Core & HTML | echen | RESO | FIXE | 2019-08-07 |
| 1469309 | | Heap-buffer-underflow READ 8 from HalParent::RecvEnableSensorNotifications | Core | Hardware Abstraction | gsvelto | RESO | FIXE | 2021-11-18 |
| 1469914 | | HalParent's use of observers has many UAFs | Core | Hardware Abstraction | gsvelto | RESO | FIXE | 2021-11-18 |
| 1467889 | | Fix off-by-one error in nsITransferable IPC string length logic | Core | IPC | jld | RESO | FIXE | 2019-08-07 |
| 1480517 | | AddressSanitizer: heap-use-after-free [@ get] through [@ nsDBusRemoteService::HandleDBusMessage] with READ of size 8 | Toolkit | General | stransky | RESO | FIXE | 2020-02-28 |
| 1468738 | | use-after-poison in [@ nsIFrame::RemoveDisplayItemDataForDeletion] | Core | Web Painting | jnicol | VERI | FIXE | 2020-02-16 |
| 1466991 | | Assertion failure: slowNode == node (These should always be in sync!), at src/dom/base/nsINode.cpp:317 | Core | DOM: Core & HTML | bzbarsky | VERI | FIXE | 2020-02-16 |
| 1481093 | | Crash [@ js::NativeObject::hasAllFlags] or Assertion failure: getElementsHeader()->initializedLength == getElementsHeader()->capacity, at /vm/NativeObject.h:545 with TypedObject | Core | JavaScript Engine | jcoppeard | VERI | FIXE | 2023-12-06 |
| 1483120 | | heap-buffer-overflow in [@ SkDashPath::InternalFilter] | Core | Graphics: Canvas2D | lsalzman | VERI | FIXE | 2020-02-16 |